Netsight LDAP Authentication of Groupmembers

  • 0
  • 1
  • Problem
  • Updated 4 months ago
  • Solved
Hello,
I'm currently changing my Netsight-Authentication from OS to LDAP (MS Active Directory).
I've 2 groups in AD. 1 for admins and 1 for operators.
Is there a way to configure that all groupmembers have access to netsight with definded AuthorizationGroups in Netsight?

I'm currently a bit confusing about situation.
Photo of Peter

Peter

  • 958 Points 500 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 47,040 Points 20k badge 2x thumb
Photo of Peter

Peter

  • 958 Points 500 badge 2x thumb
Hi Ron,
thanks for your reply, but it doesn't really help... because it shows NAC and not Netsight...But it helps thinking...
"Membership Criteria" seems to be the field I need in Auth-Group configuration
Photo of Mike Thomas

Mike Thomas, Employee - GTAC - NMS

  • 7,590 Points 5k badge 2x thumb
Also see the following. I believe you will need the user setup in both parts, to get the 'separation' into different groups from Netsights point of view.
Photo of Peter

Peter

  • 958 Points 500 badge 2x thumb
@Mike
That meens, that I need to create user in "authorized Users" Tab in Netsight? Or is this only nessecary for local users?
Photo of Mike Thomas

Mike Thomas, Employee - GTAC - NMS

  • 7,590 Points 5k badge 2x thumb
No, it's needed for LDAP as well. We don't expect users to want anyone within an LDAP group to get access.
Photo of Peter

Peter

  • 958 Points 500 badge 2x thumb
and still it works...
You do not need to create users in netsight...they will automatically added, if they are groupmembers in LDAP...
Photo of Gabriel Bagita

Gabriel Bagita

  • 550 Points 500 badge 2x thumb
I've had the same problem but solved it. The correct membership criteria of the Authorization Group should be memberOf="DN of the AD Group". IMHO the instruction in the help is not very correct.
Photo of Peter

Peter

  • 958 Points 500 badge 2x thumb
This function is not implemented very well...
I've a lot LDAP setups at customers but sometimes the automatic groubmembership is not working, but I don't understand why.... When I add user to ldap group in netsight, it works... but this is not the function I will have.

Some Ideas, why this wouldn't work every time?